AES

Document

Introduction

The Advanced Encryption Standard (AES) computer security standard is a symmetric block cipher that encrypts and decrypts 128-bit blocks of data. Standard key lengths of 128, 192, and 256 bits may be used. The algorithm consists of four stages that make up a round which is iterated 10 times for a 128-bit length key, 12 times for a 192-bit key, and 14 times for a 256-bit key.

The first stage “SubBytes” transformation is a non-linear byte substitution for each byte of the block. The second stage “ShiftRows” transformation cyclically shifts (permutes) the bytes within the block. The third stage “MixColumns” transformation groups 4-bytes together forming 4-term polynomials and multiplies the polynomials with a fixed polynomial mod (x^4+1). The fourth stage “AddRoundKey” transformation adds the round key with the block of data.

In most ciphers, the iterated transform (or round) usually has a Feistel Structure. Typically in this structure, some of the bits of the intermediate state are transposed unchanged to another position (permutation). AES does not have a Feistel structure but is composed of three distinct invertible transforms based on the Wide Trial Strategy design method.

The Wide Trial Strategy design method provides resistance against linear and differential cryptanalysis. In the Wide Trail Strategy, every layer has its own function:

The linear mixing layer: guarantees high diffusion over multiply rounds

The non-linear layer: parallel application of S-boxes that have the optimum worst-case non-linearity properties.

The key addition layer: a simple XOR of the round key to the intermediate state

Terminology

Plaintext refers to the data to be encrypted. Ciphertext refers to the data after going through the cipher as well as the data that will be going into the decipher.

The state is an intermediate form of the cipher or decipher result usually displayed as a rectangular table of bytes with 4 rows and 4 columns.

Features

Key lengths of 128, 192, and 256 bits are supported. Each step in key size requires only two additional rounds.

The decipher is simply the inverse of the cipher.

Implementations

Optimized Software Implementation. The pure software implementation is bounded by the load/store behavior and byte arithmetic of the algorithm. The encryption requires 774 cycles per block on a MIPS32 processor and the decryption requires 837 cycles.

AES Primitives. This is the simplest form of VOCAL’s hardware acceleration. The AES Primitives extend the capabilities of the MIPS32 processor by taking advantage of MIPS Technologies CorExtend capability to decrease the number of cycles to 393 cycles to encrypt and 460 cycles to decrypt per block on the MIPS32 processor.

AES Round Accelerator. The Round Accelerator requires 1024 bytes of local memory, but increases the performance to 117 cycles per block to encrypt and 127 cycles per block to decrypt.

AES 32-bit Block Accelerator. The Block Accelerator is designed to be a good mid-scale solution. It uses 2048 bytes of local memory. The number of cycles to process a block on a MIPS32 cpu falls to 64 cycles for both encryption and decryption using this implementation.

AES 32-bit Co-Processor. The Co-Processor implementation uses 2048 bytes of memory to deliver performance of 45 cycles per block on the MIPS32.

AES 64-bit Co-Processor. The same amount of the memory is required for the 64-bit implementation, but the performance increases to just 25 cycles per block on the MIPS32.